Good podcast? Give it some love!
Security Weekly
Tradecraft Security Weekly (Audio)Episodes
Security Weekly
Tradecraft Security Weekly (Audio)
Good podcast? Give it some love!
Rate Podcast
Episodes of Tradecraft Security Weekly
Mark All
Search Episodes...
This is the Hacker Summer Camp 2018 edition of Tradecraft Security Weekly. In this week's episode Beau Bullock (@dafthack) talks about some of the more interesting items he saw come out of the Black Hat and DEF CON conferences this year. For Sh
Organizations are implementing two-factor on more and more web services. The traditional methods for phishing credentials is no longer good enough to gain access to user accounts if 2FA is setup. In this episode Mike Felch (@ustayready) and Bea
In this episode of Tradecraft Security Weekly hosts Beau Bullock (@dafthack) and Mike Felch (@ustayready) discuss methods for evading network-based detection mechanisms. Many commercial IDS/IPS devices do a pretty decent job of detecting standa
It is fairly common for pentesters to discover Cross-Site Scripting (XSS) vulnerabilities on web application assessments. Exploiting these issues potentially allow access to a user's session tokens enabling attackers to navigate a site as the v
In this episode of Tradecraft Security Weekly, Mike Felch discusses with Beau Bullock about the possibilities of using framesets in MS Office documents to send Windows password hashes remotely across the Internet. This technique has the ability
Google provides the ability to automatically add events to a calendar directly from emails received by Gmail. This provides a unique situation for phishing attempts as most users haven't been trained to watch their calendar events for social en
Domain fronting is a technique used to mask command and control (C2) traffic. It is possible for C2 channels to be proxied through CDN's like Cloudfront to make it appear like normal Internet traffic. It is very difficult to detect and block fo
If you are a penetration tester password cracking is something you will inevitably do. On most engagements we typically don't have months on end to crack passwords. In an effort to help be more efficient in your cracking techniques Beau Bullock
On penetration tests we are often-times faced with very large external or internal attack surfaces that are made up of multiple web applications. When there is a need to assess thousands of webapps quickly manually navigating each page with a b
After exploiting a system on a remote & unfamiliar network it is extremely important to gain situational awareness as quickly, and quietly as possible. This will help ensure success moving forward with other attacks. In this episode of Tradecra
It is common for organizations to proxy web traffic so they can place restrictions on what websites can be visited by employees. To make the management of allowing or denying access to a large number of sites easier many web proxies utilize cat
Microsoft Exchange and Office365 are extremely popular products that organizations use for enterprise email. These services can be exploited by remote attackers to potentially gain access to Active Directory user credentials. In this Tradecraft
Public File Metadata Analysis with PowerMeta - It is very common for organizations to post files (docx, pdf, xlsx, etc.) to publicly available websites on the Internet. Often times these organizations have not taken the time to strip the metada
Join Podchaser to...
- Rate podcasts and episodes
- Follow podcasts and creators
- Create podcast and episode lists
- & much more
Unlock more with Podchaser Pro
- Audience Insights
- Contact Information
- Demographics
- Charts
- Sponsor History
- and More!
- Account
- Register
- Log In
- Find Friends
- Resources
- Help Center
- Blog
- API
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More
- © 2024 Podchaser, Inc.
- Privacy Policy
- Terms of Service
- Contact Us